Framework for Developing Secure Converged Web and Mobile Applications

Abstract

The emerging need for web and mobile applications in service delivery information platforms has rapidly resulted in a bulk of applications being developed with little concern about their security. Researchers in web and mobile applications security have proposed a number of solutions to security threats in these computing platforms such as 'in device' and 'in network' level security. However, little has been done in assisting developers of web and mobile applications build secure applications. This paper proposes SeC-WeMA (SeCure Web and Mobile Applications) framework which, is a holistic security framework for guiding the development of converged web and mobile applications. SeC-WeMA framework has four building blocks which provide guidance to application developers on conducting system threats modelling, identification of security requirements, conducting security controls assessment, and conducting system security testing. In addition, the paper presents SeC-WeMA framework validation results as it was presented to developers of web and mobile applications. Following our previous works on converged web and mobile applications, SeC-WeMA building blocks have been put together by using ConceptDraw software. SeC-WeMA framework validation has engaged a quantitative empirical approach with three major assessment metrics which are: framework relevance, framework usability and framework flexibility. Preliminary results reveal acceptance of SeC-WeMA to web and mobile applications developers as a holistic security framework to guide them on development of secure applications.